This PR was submitted for the 2.7 branch but it was merged into the 2.8 branch instead (closes#27297).
Discussion
----------
Triggering RememberMe's loginFail() when token cannot be created
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | yes
| New feature? | no
| BC breaks? | no (but minor behavior change)
| Deprecations? | no->
| Tests pass? | yes
| Fixed tickets | n/a
| License | MIT
| Doc PR | not needed
This is an edge-case bug fix. If, for example, someone tampers with the remember me cookie, and so it is invalid, this causes the `->autoLogin()` call to throw an `AuthenticationException`. But, this did not call the `loginFail()` method.
Honestly, I'm not sure if the old or new behavior is correct. But, we should discuss and merge or close.
Commits
-------
e3412e6a67 Triggering RememberMe's loginFail() when token cannot be created
This PR was merged into the 4.1 branch.
Discussion
----------
[Routing] Account for greediness when merging route patterns
| Q | A
| ------------- | ---
| Branch? | 4.1
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #27385
| License | MIT
| Doc PR | -
Sub-patterns of variable length should not be considered as common prefixes because their greediness would break in-order matching.
Commits
-------
d5a8237b1c [Routing] Account for greediness when merging route patterns
* 4.1: (26 commits)
Revert "bug #27312 Supress deprecation notices thrown when getting private servies from container in tests (arderyp)"
[HttpKernel] reset kernel start time on reboot
Add code of Conduct links in our README
bumped Symfony version to 4.0.12
[FrameworkBundle] Fix using test.service_container when Client is rebooted
[DI] never inline lazy services
updated VERSION for 4.0.11
updated CHANGELOG for 4.0.11
bumped Symfony version to 3.4.12
updated VERSION for 3.4.11
updated CHANGELOG for 3.4.11
Default testsuite to latest PHPUnit 6.*
[Github] Update the pull-request template
bumped Symfony version to 2.8.42
updated VERSION for 2.8.41
updated CHANGELOG for 2.8.41
Tweak Argon2 test config
[HttpFoundation] Fix cookie test with xdebug
[FrameworkBundle] cleanup generated test container
[Serializer] Check the value of enable_max_depth if defined
...
* 4.0:
[HttpKernel] reset kernel start time on reboot
Add code of Conduct links in our README
bumped Symfony version to 4.0.12
[DI] never inline lazy services
updated VERSION for 4.0.11
updated CHANGELOG for 4.0.11
bumped Symfony version to 3.4.12
updated VERSION for 3.4.11
updated CHANGELOG for 3.4.11
Default testsuite to latest PHPUnit 6.*
[Github] Update the pull-request template
bumped Symfony version to 2.8.42
updated VERSION for 2.8.41
updated CHANGELOG for 2.8.41
[HttpFoundation] Fix cookie test with xdebug
[Serializer] Check the value of enable_max_depth if defined
[DI] remove dead code
[PhpUnitBridge] silence some stderr outputs
[Validator] Update sl translation
* 3.4:
[HttpKernel] reset kernel start time on reboot
Add code of Conduct links in our README
[DI] never inline lazy services
bumped Symfony version to 3.4.12
updated VERSION for 3.4.11
updated CHANGELOG for 3.4.11
Default testsuite to latest PHPUnit 6.*
[Github] Update the pull-request template
bumped Symfony version to 2.8.42
updated VERSION for 2.8.41
updated CHANGELOG for 2.8.41
[HttpFoundation] Fix cookie test with xdebug
[Serializer] Check the value of enable_max_depth if defined
[DI] remove dead code
[PhpUnitBridge] silence some stderr outputs
[Validator] Update sl translation
* 2.8:
Add code of Conduct links in our README
[DI] never inline lazy services
Default testsuite to latest PHPUnit 6.*
[Github] Update the pull-request template
bumped Symfony version to 2.8.42
updated VERSION for 2.8.41
updated CHANGELOG for 2.8.41
This PR was merged into the 4.2-dev branch.
Discussion
----------
[Security][SecurityBundle] FirewallMap/FirewallContext deprecations
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | yes/no <!-- don't forget to update UPGRADE-*.md and src/**/CHANGELOG.md files -->
| Tests pass? | yes <!-- please add some, will be required by reviewers -->
| Fixed tickets | #... <!-- #-prefixed issue number(s), if any -->
| License | MIT
| Doc PR | symfony/symfony-docs#... <!-- required for new features -->
Next to #24805.
Commits
-------
a71ba78478 [Security][SecurityBundle] FirewallMap/FirewallContext deprecations
This PR was squashed before being merged into the 3.4 branch (closes#27344).
Discussion
----------
[HttpKernel] reset kernel start time on reboot
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #27319
| License | MIT
| Doc PR | n/a
I created branch from 3.4, since the furthest thing I could find for the reboot feature was a4fc49294e and it originated during stabilization phase of 3.4.
ping @nicolas-grekas
Commits
-------
b7feef00ae [HttpKernel] reset kernel start time on reboot
This PR was merged into the 3.4 branch.
Discussion
----------
[Validator] Update sl translation
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | N/A
| License | MIT
| Doc PR | N/A
This patch updates Slovenian sl_SI translation for the 3.4 branches and up to master.
Commits
-------
a7a1325eab [Validator] Update sl translation
This PR was merged into the 3.4 branch.
Discussion
----------
[Serializer] Check the value of enable_max_depth if defined
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | yes
| New feature? | no <!-- don't forget to update src/**/CHANGELOG.md files -->
| BC breaks? | no <!-- see https://symfony.com/bc -->
| Deprecations? | no <!-- don't forget to update UPGRADE-*.md and src/**/CHANGELOG.md files -->
| Tests pass? | yes <!-- please add some, will be required by reviewers -->
| Fixed tickets | n/a <!-- #-prefixed issue number(s), if any -->
| License | MIT
| Doc PR | n/a
Because it confuses some users that `['enable_max_depth' => false]` actually triggers the check.
Commits
-------
e88e0f30f1 [Serializer] Check the value of enable_max_depth if defined
This PR was merged into the 2.8 branch.
Discussion
----------
[DI] never inline lazy services
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | no
| Fixed tickets | -
| License | MIT
| Doc PR | -
Should apply also:
- to deprecated services since 2.8
- to errored services since 3.4
Commits
-------
3b4d7ab56c [DI] never inline lazy services
This PR was submitted for the 2.7 branch but it was merged into the 2.8 branch instead (closes#27355).
Discussion
----------
Add code of Conduct links in our README
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | no
| New feature? | no <!-- don't forget to update src/**/CHANGELOG.md files -->
| BC breaks? | no <!-- see https://symfony.com/bc -->
| Deprecations? | no <!-- don't forget to update UPGRADE-*.md and src/**/CHANGELOG.md files -->
| Tests pass? | yes <!-- please add some, will be required by reviewers -->
| Fixed tickets | - <!-- #-prefixed issue number(s), if any -->
| License | MIT
| Doc PR | - <!-- required for new features -->
Commits
-------
40e59a6415 Add code of Conduct links in our README
This PR was merged into the 4.1 branch.
Discussion
----------
Remove reference to the test container after kernel shutdown
| Q | A
| ------------- | ---
| Branch? | 4.1
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | n/a
| License | MIT
| Doc PR | n/a
This reference is not working anymore, as the main container was reset and cleaned. Keeping a reference to the test container will prevent collecting the object graph.
Commits
-------
d8fb1b97c9 Remove reference to the test container after kernel shutdown
This PR was merged into the 4.1 branch.
Discussion
----------
[Security] Fix missing use in UserInterface
| Q | A
| ------------- | ---
| Branch? | 4.1
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| License | MIT
Fix missing `Role` use used in the `getRoles` return type.
Commits
-------
3e0a0f4cb5 Fix missing use in UserInterface
This PR was merged into the 4.1 branch.
Discussion
----------
[HttpKernel] fix deprecation in AbstractTestSessionListener
| Q | A
| ------------- | ---
| Branch? | 4.1
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| License | MIT
After #26564 functional tests began to emit a deprecation warning because of `getSession()` being called without verifying the existence of a session.
Commits
-------
0ecaefe179 [HttpKernel] fix deprecation in AbstractTestSessionListener
This PR was merged into the 4.1 branch.
Discussion
----------
[FrameworkBundle] cleanup generated test container
| Q | A
| ------------- | ---
| Branch? | 4.1
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
Cleans up removed and hidden services, fixes an issue when the private container locator is inlined.
Commits
-------
d8cbec00ad [FrameworkBundle] cleanup generated test container
This PR was merged into the 4.1 branch.
Discussion
----------
[FrameworkBundle] Fix using test.service_container when Client is rebooted
| Q | A
| ------------- | ---
| Branch? | 4.1
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
Commits
-------
169a3b1688 [FrameworkBundle] Fix using test.service_container when Client is rebooted
This PR was merged into the 4.1 branch.
Discussion
----------
Tweak Argon2 test config
| Q | A
| ------------- | ---
| Branch? | 4.1
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets |
| License | MIT
| Doc PR |
Memory cost 8 seems to be lowest value accepted on my machine
```
Testing Symfony\Component\Security\Core\Tests\Encoder\Argon2iPasswordEncoderTest
E.... 5 / 5 (100%)
Time: 114 ms, Memory: 4.00MB
There was 1 error:
1) Symfony\Component\Security\Core\Tests\Encoder\Argon2iPasswordEncoderTest::testValidationWithConfig
password_hash(): Memory cost is outside of allowed memory range
/home/gadelat/PhpstormProjects/symfony/src/Symfony/Component/Security/Core/Encoder/Argon2iPasswordEncoder.php:105
/home/gadelat/PhpstormProjects/symfony/src/Symfony/Component/Security/Core/Encoder/Argon2iPasswordEncoder.php:67
/home/gadelat/PhpstormProjects/symfony/src/Symfony/Component/Security/Core/Tests/Encoder/Argon2iPasswordEncoderTest.php:34
```
Commits
-------
0e74f73af5 Tweak Argon2 test config
Iltar van der Berg
Fabien Potencier
Ryan Weaver
Maxime Steinhausser
Nicolas Grekas
kiler129
Javier Eguiluz
